force import of AuthorizeHelpers

[plcapi.git] / PLC / Methods / UpdatePersonTag.py

diff --git a/PLC/Methods/UpdatePersonTag.py b/PLC/Methods/UpdatePersonTag.py
index 2a88179..da443ee 100644 (file)
--- a/PLC/Methods/UpdatePersonTag.py
+++ b/PLC/Methods/UpdatePersonTag.py
@@ -9,6 +9,7 @@ from PLC.Auth import Auth
 from PLC.PersonTags import PersonTag, PersonTags
 from PLC.Persons import Person, Persons
 
+# need to import so the core classes get decorated with caller_may_write_tag
 from PLC.AuthorizeHelpers import AuthorizeHelpers
 
 class UpdatePersonTag(Method):
@@ -36,16 +37,13 @@ class UpdatePersonTag(Method):
             raise PLCInvalidArgument, "No such person setting %r"%person_tag_id
         person_tag = person_tags[0]
 
-        person = Persons (self.api, person_tag['person_id'])[0]
+        persons = Persons (self.api, person_tag['person_id'])
+        if not persons:
+            raise PLCInvalidArgument, "No such person %d"%person_tag['person_id']
+        person=persons[0]
 
         # check authorizations
-        if 'admin' in self.caller['roles']:
-            pass
-        # user can change tags on self
-        elif AuthorizeHelpers.person_may_access_person (self.api, self.caller, person):
-            pass
-        else:
-            raise PLCPermissionDenied, "%s: you can only change your own tags"%self.name
+        person.caller_may_write_tag(self.api,self.caller,tag_type)
 
         person_tag['value'] = value
         person_tag.sync()